Sprintf question!

Question

imanust 0 Newbie Poster

16 Years Ago

Hi everyone,

was trying to make login. wanted to make the query to get details off sql safer and used sprintf but it does not work.

the code is as follow:

<?php
session_start();
include('db.php');

if(isset($_POST['submit'])) :
	// Username and password sent from signup form
	//stripping
	$username = strip_tags($_POST['username']);
	$password = sha1(strip_tags($_POST['password']));

	// Making query safer
	$query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));
	
	$result = mysql_query($query);
	if(1 != mysql_num_rows($result)) :
		// MySQL returned zero rows (or there's something wrong with the query)
echo "Login failed";
	else :
		// We found the row that we were looking for
		$row = mysql_fetch_assoc($result);
		
		// Register the user ID for further use
		$_SESSION['member_ID'] = $row['ID'];
		header('Location: members-only.php');
	endif;
endif;
?>

I entered the login details i stored in mysql but get 'Login failed' no matter wat i enter in the login form.

Any help would be appreciated.

Thank you

php

2 Contributors
3 Replies
98 Views
7 Hours Discussion Span
Latest Post 16 Years Ago Latest Post by blocblue

blocblue 238 Posting Pro in Training

16 Years Ago

Try removing the ; after the LIMIT 1...

R

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

imanust 0 Newbie Poster · Answer 1 · 2008-04-16T03:35:49+00:00

Yeah tried it. Still getting the same error :(

blocblue 238 Posting Pro in Training Featured Poster · Answer 2 · 2008-04-16T04:06:20+00:00

Have you turned on php error reporting, and if so, what errors does that give you?

Also, do you select the database that uses the table, members?

You might also want to reformat your SQL query to read:
"SELECT ID FROM `databaseName`.`members` WHERE `username` = '%s' AND `user_password` = '%s' LIMIT 1"

Obvious thought, are the fields you're trying to select from spelt correctly and in the correct case?

R